Vulnerabilities (CVE)

Filtered by vendor Columbiaweather Subscribe

Filtered by product Weather Microserver Firmware

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-18879	1 Columbiaweather	2 Weather Microserver, Weather Microserver Firmware	2019-06-18	6.5 MEDIUM	8.8 HIGH
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php.
CVE-2018-18877	1 Columbiaweather	2 Weather Microserver, Weather Microserver Firmware	2019-06-18	6.5 MEDIUM	8.8 HIGH
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page config_main.php that allows manipulation of the device.
CVE-2018-18878	1 Columbiaweather	2 Weather Microserver, Weather Microserver Firmware	2019-06-18	7.8 HIGH	7.5 HIGH
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.